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Outline 

Mffli 

General  Cryptography: 

•  Encryption  vs.  Key  Generation 

•  Quantum  Cryptography  vs.  Physical  Cryptography 

•  Randomized  Ciphers 

AlphaEta  Encryption: 

•  Basic  principle/Security 

•  Simulations 

•  Experiments/Demonstrations 
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Cryptography  NtlSSffi 


Encryption:  •  Protects  data  from  unauthorized  observation 

•  Knowledge  of  a  key  (or  some  secret)  identifies  legitimate  users 

•  Typically  key  is  short  (<1000  bits)  while  the  message  is  long  (>Gb) 

15^  .,  ..  •  Generate  shared  key  between  two  users 

Distribution: 

•  Some  initial  shared  information  (secret)  generally  needed 
for  authentication 

•  Traditionally  use  ‘one-way’  mathematical  functions 
(make  Eve  factor  large  number  or  solve  discrete  logarithm) 

•  Quantum  Key  Distribution  (QKD)  uses  quantum  effects  to 
try  to  bound  the  information  that  an  eavesdropper  can  get 

Authentication,  Non-Repudiation,  etc. 


Tx:  Alice 

Rx:  Bob 

Eavesdropper: 

Eve 

Approved  for  public  release;  distribution  unlimited. _ globecom  2007,  Slide  3 


Quantum  Cryptography 


Key  Generation  demonstrated 
Short  distances  (<~20dB  loss) 

No  optical  amplifiers 

Low  key-rate  (kb/s)  -  need  to  use  traditional  encryption 
Quantifiable  security  model  is  a  goal 


BB-84/ 
Ekert  QKD: 


AlphaEta: 


Practical  encryption  demonstrated 

Uses  quantum  noise,  but  not  uniquely  quantum  effects 

Long  distances  (>200dB  loss) 

Optical  amplifiers,  typical  nonlinearity  and  network  elements  OK 


•  BB-84  is  an  important  key  generation  mechanism  with  limited  applicability 

•  AlphaEta  is  a  physical-layer  optical  encryption  scheme  compatible  with 
current  high  speed  fiber-optic  networks 

Compatible  (not  competing)  technologies 
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Standard  (Traditional)  Stream  Cipher 


Mil 


Plaintext 


PRBS:  Pseudo-random  bit  generator 


•Ciphertext 
Eve 


Plaintext 


Assume  PRBS  is  a  simple  linear  feedback  shift  register  (LFSR): 

Class  of  Attack 


Ciphertext  only  attack 
Statistical  attack 
Known  plaintext  attack 


Key  Security 

-  Perfect 


-  Zero  (for  AES  ‘unknown’) 


How  do  we  really  pin-down  Eve’s  knowledge  of  plaintext  statistics?  Can  only  assume. 
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Physical  Encryption 


•  Some  physical  process  obscures  the  data 
-  not  just  mathematical  manipulation 

•  Still  share  a  secret  —  maybe  in  fabrication  parameters 

•  Potentially  high-speed,  highly  secure,  difficult  to  record 

•  Performance  /  security  /  compatibility  problems  hamper  their  use 

Synchronized  Chaotic  Lasers: 

•  Small  signal  under  large  chaotic  fluctuation  of  laser 

•  Poor  signal-to-noise  ratio  (SNR),  nonlinearities  set  in  early,  not  terribly  fast 

OCDMA: 

•  Data  accessed  via  a  modulation  code 

•  Usually  inherently  insecure  (small  code-space) 

•  “Noise”  (security)  comes  from  multiple  users 

•  Not  compatible  with  typical  systems  (wide-band,  poor  performance) 
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AlphaEta  Encryption 


MjjC 


Use  extended  key  (traditional  encryption)  to  choose  one  of  M  basis  states: 
adds  a  bias  to  each  data  bit 

Bob  can  subtract  off  bias  —  reads  binary  data 

Eve  analyzes  2/W’ary  signal  set  (2M  >  4000  demonstrated) 

Optical  power  level  adjusted,  so  many  states  obscured  by  quantum  noise 

Quantum  noise  can’t  be  circumvented  —  not  technology  related 

Known  Plaintext  Attack — *  ‘Lower-bounded’  Statistical  Attack 

yfn 


EVE 

Bits  shrouded  in 
quantum-noise 
of  light 


BOB 

Use  of  secret 
key  unveils  the 
shroud  for  Bob 
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AlphaEta  Block  Implementation 
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AlphaEta  Security 


Nucr 


•  ‘Lower  bound’  noise  levels  for  Eve’s  statistical  analysis  known  precisely 

•  Security  ‘Level’  depends  on: 

amount  of  noise,  type  of  PRBS  algorithm  used,  #  basis  states 

•  Still  may  not  know  exactly  how  hard  system  is  to  break 
(if  optimal  breaking  algorithm  unknown)  but: 

1  worst-case  security  improved  (even  simple  LFSR  can  offer  useful  security) 
■  randomization  adds  qualitatively  different  type  of  security 

•  nebulous  problem  of  Eve’s  statistical  knowledge  circumvented 

•  additional  measurement  burden  for  attacker 


Class  of  Attack 

Ciphertext  only  attack 
Statistical  attack 
Known  plaintext  attack 
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Key  Security 

-  Perfect  Security 

Security  ‘Level’ 

LFSR-Zero  Security 
(AES  -  unknown) 
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AlphaEta  Characteristics 


Same  Key  +  Same  Plaintext 
/  Same  Ciphertext 


•  One  class  of  key  attack 

•  Compatible  with  current  DWDM  telecom  infrastructure 

•  No  direct  attacks  on  the  data  (not  true  for  all  physical  encryption  schemes) 

•  Performance  similar  to  DPSK  signaling  (IdB  penalty  observed) 

•  Combines  traditional  &  physical  encryption  (high  confidence,  upgradeable) 

•  Noise  levels  controllable  and  set  by  quantum  mechanics 

—  not  technology  related,  quantifiable  with  no  assumptions,  truly  random 
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AlphaEta  Simulation  Summary 


•  Highly  accurate  modified  covariance  matrix  method  simulation 

•  Linear  (dispersion,  EDFA  noise,  filtering) 

and  nonlinear  (XPM,  SPM,  FWM)  effects  included 

•  12  channel  High  density  (50GHz  spacing)  lOGb/s  NRZ  system: 
>1 500km  reach  with  40  states  obscured  by  noise  (14  bit  DAC) 

•  Single  channel  lOGb/s  AlphaEta: 

>5000km  reach  with  80  states  obscured  by  noise 

•  Super-high  security  simulation  with  half-circle  DSR  noise: 
2.5Gb/s,  24  channel  25GHz  spacing,  ~900km  reach 


V.S.  Grigoryan  et  al,  OFC  2007  and  ECOC  2005 

G.S.  Kanter  et  al,  SPIE  Fluctuations  and  Noise  Conference  2005 
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Telcordia  /  Northwestern  University 
ATDNet  /  BOSSNET  OC-12  Demonstration 


DMtPA 


T.  Banwell  et  al,  MilCom  2005 
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850km  loop:  Maryland  to  New  York  and  back 


DISA 


Open  Eye  /  FEC  Correctable  BER 
Afteif  850km  (622Mb/s) 


NuCrypt  OC-48  (2.5Gb/s) 
210  km  Lab  Test 


71km  71km  71km 

fiber  fiber  fiber 


DPSK  Signal  AlphaEta  Encrypted/Decrypted  Signal 

18.1dB/0.1nm  18.1dB/0.1nm 
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OC-48  Lab  Performance  M&(0t 


•  Free  Space  GbE-to-155Mb/s  Variable  Rate  System 

•  Forward  Error  Correction  Used 

•  ~0.5dB  Penalty  for  Encrypt/Decrypt  Function 


OSNR:  dB/O.lnm 
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Summary 

AlphaEta  is  a  practical  physical  encryption  system: 

•  Performance  similar  to  standard  systems:  ~1dB  performance  reduction 
observed 

•  Uses  off  the  shelf  components 

•  Use  best  available  traditional  cryptographic  algorithms 

•  Improved  security  via  random  noise  /  added  complexity 

•  Known  plaintext  attack  low  correlation  statistical  attack 

•  Lots  of  practical  issues  for  Eve-  How  to  phase-lock  to  a  dense,  noisy  M- 
ary  constellation? 

•  Demonstrated  Drop-in  compatibility  with  all-optical  fiber  networks-  850km 
in-ground  demo 

•  2.5Gb/s  data  rates  attainable  now 
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